When you’re browsing a website and the mouse cursor disappears, it might be a computer glitch — or it might be a deliberate test to find out who you are.
The way you press, scroll and type on a phone screen or keyboard can be as unique as your fingerprints or facial features. To fight fraud, a growing number of banks and merchants are tracking visitors’ physical movements as they use websites and apps.
Some use the technology only to weed out automated attacks and suspicious transactions, but others are going significantly further, amassing tens of millions of profiles that can identify customers by how they touch, hold and tap their devices.
The data collection is invisible to those being watched. Using sensors in your phone or code on websites, companies can gather thousands of data points by tracking, known as “behavioral biometrics,” to help prove whether a digital user is actually the person she claims to be.
To security officials, the technology is a powerful safeguard. Major data breaches are a near-daily occurrence. Cyberthieves have obtained billions of passwords and other sensitive personal information, which can be used to steal from customers’ bank and shopping accounts and fraudulently open new ones.
“Identity is the ultimate digital currency, and it’s being weaponized at an industrial scale,” said Alisdair Faulkner, one of the founders of ThreatMetrix, which makes fraud detection software for large merchants and financial companies. Many of his company’s customers are now using or testing behavioral biometric tools, he said. Source